PT-2021-3740 · Schneider Electric · Evlink Parking+2
Published
2021-07-13
·
Updated
2021-07-28
·
CVE-2021-22707
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
EVlink City versions prior to R8 V3.4.0.1
EVlink Parking versions prior to R8 V3.4.0.1
EVlink Smart Wallbox versions prior to R8 V3.4.0.1
Description
A Use of Hard-coded Credentials issue exists that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges. This could be exploited by a remote attacker to send unsanctioned commands.
Recommendations
For EVlink City versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later to resolve the issue.
For EVlink Parking versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later to resolve the issue.
For EVlink Smart Wallbox versions prior to R8 V3.4.0.1, update to R8 V3.4.0.1 or later to resolve the issue.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Evlink City
Evlink Parking
Evlink Smart Wallbox